CVE-2026-23404

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel's AppArmor profile removal code used a recursive approach for removing nested profiles, which could lead to kernel stack exhaustion and system crashes. The issue stemmed from the recursive aa profile list release() function. Replacing this with an iterative approach in remove profile() resolves the problem by repeatedly finding and removing leaf profiles without recursion, maintaining the same removal behavior.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23404

OESA-2026-1862

OESA-2026-1863

OESA-2026-1864

OESA-2026-1950

USN-8098-10

USN-8152-1

USN-8163-1

USN-8163-2

USN-8164-1

USN-8165-1

USN-8201-1

USN-8224-1

USN-8243-1

USN-8261-1

USN-8266-1

USN-8267-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23404

Related Identifiers

Affected Products

References · 921